SafeConfig 2016 - Automated Decision Making for Active Cyber Defense (SafeConfig 2016)

The premise of this year’s SafeConfig Workshop is that existing tools and methods for security assessments are necessary but insufficient for scientifically rigorous testing and evaluation of resilient and active cyber systems. For example, we contend that existing penetration testing tools, red team processes, and security testing are not able to cope with inherent nature of continuous and resilient systems. Existing tactics, techniques and procedures (TTP) by the adversary, and even existing penetration teams are often adequate to accomplish the job needed for their own specific purposes. However to increase the scientific validity, the validation of resilient systems is not a static nor one of breach of perimeter or exfiltration of data. Rather the objectives for this workshop are the exploration and discussion of scientifically sound testing regimen(s) that will continuously and dynamically probe, attack, and “test” the various resilient and active technologies. This adaptation, and change in focus necessitates at the very least modification, and at the most, wholesale new developments to ensure that resilient and agile aware security testing is available to the research community. These impediments will also include natural faults such as flooding, fire, or hardware failure, or even staff member negligence. They must also be repeatable, reproducible, subject to scientific scrutiny, measurable and meaningful to both researcher’s and practitioners.